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[57] ABSTRACT 

Disclosed is a method and apparatus that protects user 
passwords and identification numbers by using dynamic 
and fixed cipher keys to generate one-time access codes 
that are recognized by an authorization center. The 
authorization center provides a user with a pool of user 
selectable algorithms that are easily remembered by a 
user. When access is desired the user mentally generates 
and subsequently enters a non-machine generated ac- 
cess code formed by using the selected algorithm, the 
password, and a dynamic variable. The authorization 
center also generates a corresponding access code using 
stored user data. If the two access codes match access is 
granted. 

12 Claims, 7 Drawing Sheets 
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variables (time of day data), as encoding keys for a 
METHOD AND APPARATUS FOR PROVIDING predetermined algorithm. Generally in such a system, 
SECURE ACCESS TO A LIMITED ACCESS both the user and an authorization center (e.g. ATM) 

SYSTEM use a separate computer to generate a "non-predictable 

5 code" .based on a predetermined ciphering algorithm. 
FIELD OF THE INVENTION algorithm is stored in both computers. 

This invention generally pertains to the field of sys- The PIN and account number are entered by the user 
tern accra security and more particularly to a method into the hand held computer that stores the predeter- 
and apparatus for protecting user access information. mined algorithm (the same algorithm used by the verifi- 
« . ^^^^tv^n ^ «nrr.i W ^ 10 cation computer). The algorithm obtains the time de- 
BACKGROUND OF THE INVENTION va £ abl / from j/^rnal clock and generates 

Theft or misappropriation of personal access num- the "non-predictable" code that is then entered into the 

hers, passwords, or personal identification numbers ATM by the user. Each computer requires an internal 

(FIN's) often occurs where businesses provide a user dock to generate the dynamic time dependent variable, 

(or customer) with remote access to a service or prod- 15 jh c receives ultimate access when a match be- 

uct. In the case of financial services, the password is a tween the two generated codes occurs. The algorithm 

PIN. For example, a bank issues a PIN arid an account uses a plurality of static variables and a dynamic time 

number for use in accessing a plurality of cash disburse- dependent variable as its ciphering keys, 

ment machines (e.g. Automatic Teller Ma- However, this method requires a user to obtain a 

chines-ATM's). Cash disbursement machines are typi- ate computer to access a desired system and re- 

cau ■ linked to a central computer that performs the jres ^ of the computcrs to maintain ^ 

access authorization process, ^ devices fof timc d dent variable generation and 

generally, access authonzation occurs by inserting a m* M **u, a ~A ^^r^t^t 

card containing a magnetically stored account number synchronization. This becomes costly and complicated 

or other user account information into the remote 25 whenusers require inexpensive and easy access to a 

ATM. Once the magnetic card reader in the ATM reads de f? ed se ™ ce or P r ^ r uct ' Um9 . 

and matches the stored account number with a valid There exists a need for a secure access method and 

account number, the ATM prompts the user to input ^ icm that substantially prevents an onlooker from 

the user's PIN. If the entered PIN and account number determining secret access data while minimizing the 

pai. correspond to a valid PIN and account number pair 30 hardware and access time needed by the user to receive 

previously stored in a user file, access to the account is complete access to a limited access system, 

granted. The unique PIN assigned to or chosen by the SUMMARY OF THE INVENTION 
user is typically memorized by the user and is not 

known to any other entity other than an account access These needs and others have been substantially met 

administrator that issues the PIN. 35 through the method and apparatus for providing secure 

Generally, theft occurs because the PIN is a static or access to a limited access system as described herein, 
fixed identification key in* that the user enters the same The invention includes a method of securing access to a 
identification key (i.e., PIN) each time access is desired. limited access system including the steps of: maintaining 
An unscrupulous onlooker may see the PIN being en- a plurality of user selectable ciphering algorithms that 
tered (or a password as in the case of a computer termi- 40 are accessible by an authorization means, such as an 
nal. mobile telephone, or equivalent access terminals) authorization center, selecting, by the user, one of the 
and may steal the card whereafter the thief may gain plurality of user selectable ciphering algorithms as an 
access to the system. Alternatively, as in the case of a access ciphering method; inputting, by the user, a non- 
telephone calling card, the card is not required to access machine generated access code based on the selected 
the account. 45 c jph e ring algorithm and further including at least one 

One known method for protecting card users allows dynamic variable as a first cipher key, such as the cur- 

the user to choose a PIN without the knowledge of the rem Dow Jones industrial Average and one or more 

account access administrator. This further reduces the ^ variabIes ^ a ciphcr key , ^ch ^ a PIN . 

number of persons that know the users PIN. Such ^^jv^ a dynamic variabIc only roay * ^for 

methods also use an encoding algonOun to encode the 50 ^ ft ^ hone ^ ^ ^ 

PIN and subsequenUy store the encoded version^ the ^ ^ ^ US e of the last for digits of the called 

PIN on the card. The encoding algonthm is known f RUmber ^ method ^ r ^ uires: gencrat . 

only to the account access administrator and uses both r r A . • , . . ^ ° 

* , . «• « . . , , „ wg, for use by the authorization means, a corresponding 

static and dynamic encoding keys as variables to gener- *' ' i * L • u • t 

ate an encoded PIN. A dynamic variable change as a 55 "*« s b **? on * c w P hcnn « ^ 

function of an event or environmental situation which . nthm r and " cludm 8 at J< f* onc vanablc 

may include a new account balance or the date of the » CT P hcr ^y and one fixed variable as a second 

use of the card. Consequently the encoded PIN is more CI P hcr kev i cofparmg the non-machine generated ac- 

random and less predictable. « code Wlth the corresponding access code; and 

However, the user still enters the undisguised static 60 granting the user access to the limited access system m 

PIN whereafter the system decodes the encoded PIN response to an output resulting from the comparison of 

stored on the card and grants access to the system if the the non-machine generated access code and the corre- 

decoded PIN and the undisguised static PIN match. sponding access code. 

Therefore the problem of an unscrupulous onlooker A method for using a keypad with numerical keys as 

gaining access to the system from seeing the PIN and 65 an alphabetical and/or non-numerical (e.g., •*#» 

stealing the card still exists. etc.) character generator for entry of the non-machine 

Other access methods require additional hardware generated access code is also disclosed. This method 

components and also include the use of time dependent includes entering a sequence of keys along with a delim- 
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iter key to represent non-numericaJ characters such as 
alphabetical characters. 

■ n apparatus is disclosed that includes: an authoriza- 
tion center coupled to an access code entry means (e.g., 
telt nhone dial, ISDN phone keypad, ATM keypad, a 5 
dual tone multiple frequency keypad, touch or scribe 
sensitive screen, speech recognition device, etc.). The 
autnorization center includes means for storing a plural- 
itv of user selectable ciphering algorithms and comput- 
ing means, operably coupled to the means for storing, 10 
for generating a corresponding access code based on a 
us ;r selected ciphering algorithm chosen from the plu- 
rality of user selectable ciphering algorithms. The cor- 
responding access code includes at least: one or more 
dynamic variables as a first cipher key; and may include IS 
on? or more fixed variables as a second cipher key. 

The authorization center has means, operably cou- 
pled to the computing means, for comparing a non- 
machine generated access code with the corresponding 
access code and means, operably coupled to the com- 20 
pu ing means, for granting the user access to the limited 
access system in response to an output resulting from 
the comparison of the non-machine generated access 
code and the corresponding access code. 

The code entry means is operably coupled to the 25 
authorization center and enables the user to input a 
non-machine generated access code for verification. 
TJ--* access code is based on the selected ciphering algo- 
rithm, and at least: one dynamic variable as a first cipher 
ke; . and optionally, at least one fixed variable as a sec- 30 
ono cipher key. The authorization system compares the 
two generated access codes and grants access if there is 
a match. 
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The features of the present invention which are be- 
lieved to be novel are set forth below with particularity 
in the appended claims. The invention, together with 
further objects and advantages thereof, may be under- 
stood by reference to the following description taken in 40 
conjunction with the accompanying drawings. 

FIG. 1 is a diagrammatic representation of the cipher 
keys and information format employed by a user and a 
verification system in accordance with the invention; 

FIG. 2a is a flow chart depicting the preferred em- 45 
bodiment for the method of providing secure access to 
a limited access system in accordance with the inven- 
tion; 

FIG. 2b is a flow chart depicting another embodi- 
ment of the method in FIG. 2a; 50 

FIG. 3 is a functional block diagram of an apparatus 
for providing secure access to a limited access system in 
accordance with the invention; and 

FIG. 4 is a pictorial representation of a typical dual 
tone multiple frequency keypad as used in the embodi- 55 
mentofFIG, 3. 

FIG. 5 is a flow chart illustrating the methodology of 
a specific example of buffer memory allocation for a 
multiple key character entry system. 

FIG. 6 is a diagrammatic illustration of a specific 60 
embodiment of a buffer memory structure for a multiple 
key character entry system. 

DETAILED DESCRIPTION OF THE 
INVENTION 

FIG. 1 shows cipher elements 100 employed by a user 
101 and cipher elements 102 employed by an authoriza- 
tion center. Cipher elements 102 for the authorization 



65 



center include a plurality of: user account information 
104 such as account ID's, user access keys 106; user 
algorithm index numbers 108; user selectable cipher 
algorithms 110; and dynamic variables 112. These ele- 
ments are stored in memory in the authorization center. 
The authorization center is typically one or more com- 
puting site(s) with storage capabilities and will be dis- 
cussed later with reference to FIG. 3. 
. Cipher information employed by the user 101 in- 
cludes: a unique access key 114 memorized by the user, 
such as a PIN; an account LD. 116 such as bank account 
number or phone number, typically stored on a card; a 
selected cipher algorithm 118 memorized by the user 
and selected from the pool of algorithms 110; and one or 
more dynamic variables 120. 

An account access administrator assigns each user a 
static account ID 116 and a static access key 114 which 
uniquely identifies the user to an appropriate access 
system. This information is stored and is accessible by 
the authorization center. The user preselects one of the 
cipher algorithms 118 from the pool of selectable cipher 
algorithms 110 when the access key is first assigned to 
the user. The algorithm. 110 may be changed by the user 
by selecting another one of the algorithms 110 at a time 
after the initial selection. An algorithm index 122 serves 
as a pointer indicating the selected algorithm 118 from 
the pool 110. 

Each cipher algorithm in the pool 110 is different and 
is selectable by more than one user as indicated by user 
C and user XX each choosing algorithm AXXX. Each 
cipher algorithm requires that at least a user's access 
key and one or more dynamic variables serve as cipher 
keys to generate an output. 

The output from the cipher process is called an access 
code. This access code may be a multiple alternative 
code, for example, for a calling card, the access code 
could be either the first or last four digits of the called 
telephone number. The access code generated by the 
user 101 is a non-machine generated access code 123 
because it is generated from memory by the user with- 
out the necessity of a separate computer. The access 
code generated by the authorization center is called a 
corresponding access code 124. Typically, an access 
code constitutes a four to eight character code (eg., 
12300 A); although many access code types and lengths 
are suitable. 

The pool of cipher algorithms 110 includes a list of 
simple yet effective coding schemes to generate dy- 
namic access codes that substantially disguise the user's 
access key from onlookers by resulting in an access 
code which continually changes. In the illustrated em- 
bodiment, the dynamic variable is preferably an envi- 
ronmental dependent variable. Examples of these cipher 
algorithms include: using an ATM's serial number as 
the environmental dynamic variable (it changes at each 
ATM) in conjunction with the access key to generate 
the access code; using the latest Dow Jones Industrial 
Average (DJI A) as the dynamic variable in conjunction 
with the access key to generate the access code; or in 
the case of telephone access, using the dialed number as 
the dynamic variable along with the access key to gen- 
erate the access code. The exact coding sequence (i.e., 
algorithm) using these variables may vary, therefore 
any suitable scrambling techniques to disguise the ac- 
cess key using the dynamic variable may be used. The 
algorithm may be as simple as adding the ATM serial 
number to the access key. A user may also design a 
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customized algorithm and have the authorization center FIG. 2b depicts another embodiment of the process in 

store it in the algorithm pool 110. FIG. 2a and provides the user with additional security 

Using the dynamic variable to generate the access by allowing the user the option of selecting a new ci- 

code creates a dynamic password system by causing the pher algorithm from the cipher algorithm pool after 

access code to vary with each use. After the user 101 5 each transaction. Therefore, if an onlooker does see the 

and the authorization center generate access codes 123, non-machine generated access code 123 entered by the 

124, they are compared to determine whether a match user at the beginning of the transaction, access for that 

exists. A match indicates a valid access code. same access code on the same machine thereafter will 

Like current systems, each access key may be unique. be denied because the next access code now requires use 

Using unique access keys 106 allows multiple users to 10 of the newly selected cipher algorithm, 

choose the same algorithm without jeopardizing secu- This aspect is shown by steps 256-259. After the 

rity. For example, when two users choose an algorithm authorization center gives access in step 255 but before 

that requires entry of the serial number of an ATM as the access procedure is completed (step 260), the autho- 

the dynamic variable, two users on that same ATM will rization center asks the user if a new algorithm should 

produce two different access codes since their static 15 be selected from the pool as shown in step 256. If no 

access keys are different. new algorithm is desired, the access process is ended at 

FIG. 2a shows the preferred embodiment of the steps step 260. If the user desires a new algorithm from the 

between a user and an authorization center for provid- pool the access process continues to step 257 where the 

ing secure access to systems. The authorization center pool of cipher algorithm is displayed to the user for 

begins the process in step 200 by asking a user to insert 20 selection. In step 258, the user selects a new algorithm, 

a card, or alternatively, to simply enter an ID (the card After a new algorithm gets selected, the authorization 

or ID may contain the user's account I.D.), into a center updates the algorithm index in the user informa- 

reader. The user inserts the card in step 205. Once the tion file to reflect the change in algorithms as shown in 

card is inserted, the authorization center prompts the step 259. The access process again ends at step 260 

user in step 215 to enter the non-machine generated 25 whereafter the user continues with a desired transac- 

access code 123. In step 210, the user then generates the tion. 

non-machine generated access code using the selected FIG. 3 shows a block diagram of a system for provid- 

cipher algorithm 118, the user's memorized access key ing secure access to a limited access system. The system 

114, and one or more dynamic variables 120. Also in includes an access code entry system 300 and an access 

step 210, the user enters the non-machine generated 30 authorization center 305. 

access code via a keypad or other input device into the The access code entry system 300 includes a code 

access system. input apparatus 310 such as a dual tone multiple fre- 

In step 220, the authorization center scans its user quency (DTMF) keypad for inputting the access code 

account ID database network 104 to verify that the 123 and/or account ID 116 and for selecting the desired 

entered account ID 116 is valid. Next the authorization 35 algorithm. It also may include a card reading device 315 

center determines whether the account ID 116 is found for reading information magnetically or optically stored 

as indicated by step 225. If the account ID 116 is not on a storage medium such as a card. The authorization 

found in the database, access is denied and the system center 305 includes a computing unit 320, such as a 

asks the user to reinsert the card as depicted by step 230 mainframe or persona] computer containing a CPU and 

and the path going back to step 205. 40 storage means 325. The storage means is non-volatile or 

If the account ID 116 is found, the authorization volatile memory structured as databases, 

center continues to step 235 where the valid account ID The access code entry system 300 is coupled to the 

is used to locate the users corresponding data file con- access authorization center 305 through a communica- 

taining the proper selected cipher algorithm index 122 tion link 307 such as an optical link, computer bus, or 

and the user's access key 114. Based on this data, the 45 telephone line. The code entry system 310 and the card 

authorization center searches a dynamic variable data- reading device 315 are coupled to the computing means 

base 112 for the proper dynamic variable associated also through communication link 307. The computing 

with the selected algorithm. The authorization center means 320 is coupled to the storage means 325 through 

then proceeds to step 240 where it generates a corre- computer bus 335. 

sponding access code 124 based on the above mentioned 50 The computing unit 320 performs the ciphering func- 

stored data. tion, comparison function, and the granting function 

In step 245, the authorization center compares the when determining whether access should be granted (as 

non-machine generated access code 123 entered by the described in steps 215-260 of FIG. 2a and FIG. 2*). A 

user with the corresponding access code 124 generated first portion of the storage means 325 is capable of ac- 

by the authorization center. If no match occurs, the 55 cessing user information 330 that includes the user's 

authorization center proceeds to step 250 whereafter account ID 116, the user access key 114, and the algo- 

the authorization center denies access and continues rithm index 122 (as described with reference to FIG. 1). 

back to step 205. If a match is detected, the authorize- The storage means 325 also stores the pool of user se- 

tion center acknowledges access by a proper user and lectable cipher algorithms 110. The storage means 325 

continues to step 255 whereafter access grants to the 60 may be storage devices at multiple locations accessible 

user. Once the authorization center grants access, the by the computing unit 320. Dynamic variable data 112 

access procedure is terminated as indicated by step 260. may be stored in a database or some other available 

The user then continues with the desired transactions. source which is accessible by the computing unit 320. 

As is obvious to those of ordinary skill in the art, The access code entry system 300 and the authoriza- 

variations on the order of the above steps may be advan- 65 tion center 305 may be integrated into the same housing 

tageous to a given application, such as the moving of or may be separate components. Furthermore, more 

steps 225 and 230 immediately after step 205, without than one code entry system 300 may be connected with 

departing from the spirit and scope of the invention. one or more access authorization centers 305. In addi- 
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tion to at least one processing unit being shared between entered. If not, the process is encoded as illustrated by 
an access code entry system 300 and an authorization block 404. If more characters are entered, the next char- 
center 305, the code entry system 300 may have its own acter is read from the input buffer 450 at step 406. The 
dedicated processing unit. Any other suitable network character read from the input buffer 450 is then checked 
structure may also be used. 5 to determine if it is the delimiter character, and if not, 

FIG. 4 depicts the layout of a typical DTMF keypad, the character is put into the output buffer 460 at step 

which is an example of a keypad with numerical keys. 410. For example, see FIG. 6, input buffer 454. If the 

Typically access entry systems utilizing such a device delimiter character is detected, the next two characters 

only use access codes that correspond to a numerical are read from the input buffer 450 and the resulting 

representation based on combinations of the single digit 10 composed character is determined in step 412. The 

numbers 0-9 shown on the face of the keypad. This composed character is then put into the output buffer 

invention discloses a method for representing non- 460 in step 410. See FIG. 6, input buffers 451, 452 and 

numerical characters using the numerical based keypad. 453. The process performed at step 412 depends upon 

This affords the user additional flexibility in choosing the type of multi-key system use. Thus, a trailing delim- 

the type of dynamic variable for use with an algorithm. 15 iter system would require that previous key entries be 

One user may be more apt to remembering words read when the delimiter was detected, and a middle 

while another user may more easily remember numbers. delimiter system would require reading the previous 

Consequently, a user may want to use a number as the and next character to determine the proper character, 

dynamic variable such as the current DJIA or may After step 410, the process branches back to step 402 

prefer to use words from a daily newspaper such as the 20 and repeats if there are any more characters, 

first word used in a favorite writer's column. The user It should be understood that the implementation of 

may use the numeric keypad to represent both numbers other variations and modifications of the invention in its 

and/or letters. various aspects will be apparent to those of ordinary 

The inventive method includes entering a combina- skill in the art, and that the invention is not limited by 
tion of at least one key from the keypad; entering an- 25 the specific embodiments described. It is therefore con- 
other key from the keypad as a delimiter key; and deter- templated to cover by the present invention, any and all 
mining whether the combination of at least two keys, modifications, variations, or equivalents that fall within 
including the delimiter key represents a non-numerical the true spirit and scope of the basic underlying princi- 
character (e.g., "#101" or "#103="+")- The delimiter pies disclosed and claimed herein, 
key may be at any point in the character string (for 30 What is claimed is: 

example, at the end, "5l*"=J; at the beginning, 1. A method for providing secure access to a limited 

"*51"=J; and in the middle, "5*1*'= J). In another access system comprising the steps of: 

option, a single key may be used more than once (e.g., maintaining a plurality of user selectable ciphering 

"##" ="#")■ algorithms that are accessible by an authorization 

As an example, when the "*" key is used as the end 35 means; 

delimiter character, the letters "J", "K", and "L" may selecting, by the user, one of the plurality of user 

be input by the user as "51*", "52°", and "53*" respec- selectable ciphering algorithms as an access cipher- 

tively. When, for example, the leading delimiter method ing method; 

is used and the "#" character is the delimiter key, the inputting, by the user, a non-machine generated ac- 

letters "F", "J", "K", and "L" are input by the user as 40 cess code based on the selected ciphering algo- 

"#33" f "#51", "#52", and "#53" respectively. As an- rithm and further comprised of at least a dynamic 

other example, the letters "J", "K" t and "L" may also variable as a first cipher key; 

be represented as "*50r\ "*502", and "°503" depend- generating, for use by the authorization means, a 

ing on the desired convention. corresponding access code also based on the se- 

Using the above leading delimiter format wherein the 45 lected ciphering algorithm and further comprised 
"#" is the delimiter and a space is represented by of at least a dynamic variable as a first cipher key; 
"#99", a key stream "#33#53 #99456888" will be de- comparing the non-machine generated access code 
coded by the access system as a license plate number with the corresponding access code; and 
"FL 456888". Although this method is employed in an granting the user access to the limited access system 
access authorization system, it would be obvious to 50 in response to an output resulting from the compar- 
those skilled in the an to employ this method in other ison of the non-machine generated access code and 
applications which would also benefit from alphabetical the corresponding access code- 
character recognition when using a numerical key entry 2* The method of claim 1 wherein the selectable ci- 
means. phering algorithms are selectable by a plurality of users. 

FIG. 5 is a flow chart illustrating the methodology of 55 3. The method of claim 1 wherein the dynamic vari- 

a specific example of buffer memory allocation for a . able comprises location data regarding a current access 

multiple key character entry system in which a leading position of the user. 

delimiter with two following characters is used. FIG. 6 4. The method of claim 1 wherein inputting by the 

illustrates a specific embodiment of an input and output user further comprises: 

buffer structure suitable for the method of FIG. 5, in- 60 . entering a combination of at least one key from a 

eluding input buffers 450 and output buffers 460. These keypad with numerical keys; 

buffers are a series of memory locations which, for entering another key from the keypad as a delimiter 

example, can be a single block of memory locations or key; and 

a set of separate memory locations identified by a determining whether the combination of the at least 

pointer. 65 two numerical keys and the delimiter key repre- 

The method starts at block 400 with the entry of sents a non-numerical character, 

characters into the input buffer 450 and the process then 5. The method of claim 1 wherein the dynamic vari- 

dctermines in step 402 if there are any more characters able is an environmental dependent variable. 
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6. The method of claim 1 wherein the non-machine b. code entry means, operably coupled to the authori- 
generated access code and corresponding access code zation means, for inputting a non-machine gener- 
futher comprise at least one fixed variable as a second *t«l access code based on the selected ciphering 
cipher key. algorithm; 

7. An apparatus for providing secure access to a lim- 5 non-machine access code further comprising at 
ited access system comprising: o 'if 1 one va ™ b ' c " 8 firet t c,ph ^ key ; 

a. authorization means further comprising: «• ™» a PP Matus °. f claun 7 wherel ° the codc ^ 

(i) means for storing a plurality of user selectable means further comprises: . 1Mr . , 

■ . ■ , -.if means for selecting one of the plurality of user select- 

dphenng algonthms; ciphering algorithms as an access ciphering 

(u) computing means, operably coupled to the method 

means for storing, for generating a correspond- 9 ^ paratus of daim 7 whercin ^ code cntry 

mg access code based on a user selected cipher- means comprises a keypad having numerical keys. 

mg algorithm chosen from the plurality of user 1Q ^ apparatus of claim 9 wherein the code entry 

selectable ciphering algorithm; , 5 mcans comprises: 

the corresponding access code further comprising means for entering a combination of at least one key 

at least one dynamic variable as a first cipher and a delimiter key from the keypad; and 

key; means, operably coupled to the means for entering, 

(iii) means, operably coupled to the computing for determining whether the combination of at least 
means, for comparing a non-machine generated 20 one key and the delimiter key represents a non- 
access code with the corresponding access code; numerical character. 

and 11. The apparatus of claim 7 wherein the dynamic 

(iv) means, operably coupled to the computing variable is an environmental dependent variable. • 
means, for granting the user access to the limited 12. The apparatus of claim 7 wherein the non- 
access system in response to an output resulting 25 machine access code and the corresponding access code 
from the comparison of the non-machine gener- further comprise at least one fixed variable as a second 
ated access code and the corresponding access cipher key. 

code; and * * * * * 
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